Many global organisations are actively trying to reduce the number of cyber security vendors they rely on in their technology stacks.
In total, 75% of organisations responding to Gartner’s research survey expressed dissatisfaction with their overall security posture as a result of relying on products from too many vendors.
The percentage of organisations looking to homogenise their security stack is up by 29% compared to last year’s results with the primary reason being to improve security, rather than budget restrictions.
Another of the main reasons why the figure has jumped in 2022 is that organisations report wanting to reduce the complexity involved with learning, using, and managing all the products they own.
“Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack,” said John Watts, VP analyst at Gartner. “As a result, they are consolidating the number of security vendors they use.”
“Cost optimisation should not be the primary driver for vendor consolidation,” he added. “Organisations that look to optimise costs must reduce products, licenses and features, or ultimately renegotiate contracts.”
For those who said they were not currently considering consolidating their security vendors, the two main reasons for the decision were time constraints and the partnership between them and the vendor being “too rigid”.
Cyber resiliency and end-user performance
Reduce risk and deliver greater business success with cyber-resilience capabilities
Gartner’s analysts highlighted solutions such as extended detection and response (XDR) and secure access service edge (SASE) as some ideal starting areas to begin consolidating vendors.
“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, VP analyst at Gartner. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints, and other components.”
Gartner reported that 41.5% of survey respondents plan to have adopted SASE solutions in their organisations by the end of the year, and 54.5% of respondents plan to have implemented XDR before 2023, too.
Most organisations (57%) also report being able to resolve security issues faster after implementing XDR and a similar proportion said SASE simplifies policy management while improving security.
“Security and IT leaders should plan at least two years for consolidation as it takes time to effectively consolidate and consider incumbent vendor switching costs,” said Watts. “It is also important to anticipate vendor merger and acquisition disruption as the security market is always consolidating but never consolidated.”
